Guest Column | February 15, 2017

Blockchain In Healthcare: An Executive Update

By John Bass, Corey Todaro, Jason I. Epstein, and Roy Wyman

A recent IBM survey indicates 16 percent of healthcare entities may be working with blockchain in 2017. Blockchain has been associated foremost with currency and the financial services industry (e.g., Bitcoin and other cryptocurrencies).

The use of this technology by healthcare-related entities, however, offers the potential for a highly secure, reliable, decentralized method to store and share data, reduce fraud, increase the integrity of data, and support interoperability. Blockchain can also contribute to substantial cost savings and compliance with regulatory requirements, and ultimately assist in better patient care. As a result, many companies, consortia, and governments are exploring use cases for blockchain in healthcare.

IBM, for example, announced a partnership with the U.S. Food and Drug Administration (FDA) to determine whether blockchain technology can be used to keep medical data transfers safe from theft or exploitation. Another example, Hashed Health, has formed a consortium of healthcare companies focused on accelerating meaningful innovation using blockchain and distributed ledger technologies. Finally, the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) issued a challenge (and awarded winners) and organized a workshop to address ways blockchain technology can be used in health IT to protect, manage, and exchange electronic health information.

Initiatives like the Hyperledger Project are working to collaboratively build an open-source, cross-industry blockchain platform for enterprise use. While there is no unified definition of blockchain, Hyperledger’s definition is pretty good: “A shared ledger between a set of entities that faithfully records a series of transactions, without needing trust and a smart contract platform, for embedding scripts that run across the network and can add new entries to that ledger. Some systems are permissioned (where entities are named/known) and others are unpermissioned (where anyone can participate, even anonymously).”

A smart contract is a computer program that sits on top of the blockchain. It operates to facilitate and complete a transaction automatically (smart contracts are often referred to as self-executing contracts). For those who day trade, the concept of self-executing contracts is not new. An example is when you use the trading platform to automatically sell “x” shares when “y” price is achieved, where no additional effort or input is required. The difference is that the smart contract on the blockchain (unlike the trading platform) would not be controlled by any one particular entity (the trading platform provider).

The potential for healthcare industry applications of blockchain and distributed systems is vast. Approaching the topic broadly, there are four general areas of potential for blockchain utility in healthcare, and these broad areas each highlight distinct features of blockchain technology.

Audit And Compliance
A core function of any blockchain solution is to immutably record entries into a time-stamped, encrypted, and persistent ledger. This foundation makes blockchains ideal for a broad range of auditing and compliance applications in healthcare, including logging access to protected health information, duplicate payment auditing, regulatory billing and payment compliance, excluded provider screenings, three-day payment window analysis, sunshine law reporting, and MACRA (MIPS) and Meaningful Use attestation. The immutability of blockchains ensures any compliance data collected is trusted and unalterable, easing audit activities and strengthening compliance policies.

It is important to note that “immutable” does not mean the ledger cannot be changed. Rather, as with digital signatures or records, if a change happened it would be identified, all the more so because the redundant and distributed nature of the ledger increases the ability to detect changes. Incidentally, this sort of system should feel familiar in healthcare settings; it is similar to how patient charts are maintained. Old entries (even if erroneous) are never, themselves, deleted or revised, but are amended by adding an additional note.
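The tamper-evidence and amend-by-appending behavior described above can be shown with a single-copy SHA-256 hash chain. This is an added example, not code from the article or from any project it names; the field names, user names, and chart IDs are constructed, and it models only the chaining, not distribution or consensus.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder meaning "no previous entry"

def digest(body):
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(ledger, record, amends=None):
    """Add an entry; a correction references the old entry instead of editing it."""
    if amends is not None and not 0 <= amends < len(ledger):
        raise ValueError("amended entry does not exist")
    body = {
        "index": len(ledger),
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
        "amends": amends,
        "record": record,
    }
    ledger.append({**body, "hash": digest(body)})
    return ledger[-1]

def first_bad_entry(ledger):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: entry[k] for k in ("index", "prev", "amends", "record")}
        if entry["index"] != i or entry["prev"] != prev or entry["hash"] != digest(body):
            return i
        prev = entry["hash"]
    return None

def current_view(ledger):
    """Records still in force: everything not superseded by a later amendment."""
    superseded = {e["amends"] for e in ledger if e["amends"] is not None}
    return [e["record"] for e in ledger if e["index"] not in superseded]

def build_sample():
    # Constructed PHI access-log entries (hypothetical field names).
    ledger = []
    append(ledger, {"user": "dr_a", "action": "read", "chart": "P-100"})
    append(ledger, {"user": "nurse_b", "action": "read", "chart": "P-101"})
    # Entry 1 named the wrong chart: amend by appending, never by rewriting.
    append(ledger, {"user": "nurse_b", "action": "read", "chart": "P-110"}, amends=1)
    return ledger
```

On a single copy, someone who rewrites an entry and recomputes every later hash would still pass `first_bad_entry`; comparing the latest hash across the redundant copies the article mentions is what exposes that case.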

An example of where blockchain could assist in compliance is with the administrative simplification provisions of the Health Insurance Portability and Accountability Act (HIPAA), which require that healthcare providers and payors (known as covered entities) enter into business associate agreements with vendors (i.e., business associates). Monitoring business associates, as well as the flow of identifiable health information, is an expensive and time-intensive process that, if done poorly, can subject covered entities and business associates to audit, regulatory fines, and lawsuits. Smart contracts and shared ledgers, however, offer the promise of simplifying and automating such accounting by, for example, ensuring the flow of data begins and ends at the appropriate time and allowing the flow of data only when, and for as long as, a business associate agreement is in place.

Financial And Transactional Management
The second area is financial and transactional management. The way our healthcare system is set up creates a torrent of transactions, payments and otherwise. It has been estimated the administration of healthcare transactions eats up 14 percent of all healthcare expenditures. Billions of dollars of cost savings have been achieved each year since the passage of HIPAA, which required payors accept any electronic claim that meets the standards within the Act. It is likely HIPAA is currently saving tens of billions of dollars each year just based on some elementary math (the estimated 17.8 billion transactions per year including all sources of payment, multiplied by estimated cost savings utilizing CAQH and other sources).

Blockchains provide a much more powerful common transactional platform through the implementation of smart contracts. Costly and inefficient functions like settlement, clearance, and management of counterparty risk can be undertaken automatically via software operating atop the distributed transactional layer.

These features would allow healthcare entities to transact without the need for duplicative (and error-prone) systems or costly intermediaries. Such smart contracts also could streamline the processing of medical, dental, and pharmaceutical claims as well as the complex administration of supply contracts, rebates, and discounts for payors, manufacturers, and pharmacy benefit managers.

The Internet-of-Things
The third area is Internet-of-Things (IoT) integrations with blockchains. These solutions would enable a wide variety of physical sensors or codes to report to a distributed ledger system. This would allow these sensors to track high-value assets across multiple intermediaries within the healthcare vertical. This has immediate applications for Track & Trace solutions for a variety of healthcare supply chains.

Most significantly, blockchain-enabled sensors would allow enterprises across the pharmaceutical supply chain to meet the growing regulatory requirements of the Drug Supply Chain Security Act (DSCSA) by providing a single source of immutable truth for the movement of pharmaceuticals across multiple intermediary parties, ensuring quality and preventing counterfeit medications from entering the supply chain.

As this article was being written, it was announced Cisco, Bosch, and many other technology and manufacturing companies are teaming up to create protocols that will help secure the Internet of Things ecosystem using blockchain technology. This initiative will be particularly helpful with medical and other devices (especially in the telehealth space) that interconnect with each other and related systems. Even further, blockchain-enabled IoT platforms could also be used in provenance tracking for biologics and allograft tissue implants and medical equipment asset tracking. This technology could even give rise to new business models involving large, expensive pieces of medical equipment, enabling a streamlined Equipment-as-a-Service or per-use offering.

Data Liquidity
Another area of potential for blockchain is data liquidity, enabling data to flow easily and securely across the healthcare ecosystem and enterprises. Employing public key cryptography, blockchain solutions could enable secure and encrypted transactions of sensitive data.

An exemplary use case involves blockchain-enabled provider data management used in physician credentialing and the maintenance of health plan provider directories. The Centers for Medicare and Medicaid Services (CMS) has imposed new requirements on health plans serving Medicare Advantage beneficiaries to ensure directory data is correct and up-to-date, exposing plans to significant fines for non-compliance and requiring significant expense to manage provider directories. Blockchain solutions could provide efficient means for sharing changes to provider data in a secure and seamless fashion across multiple enterprises, significantly reducing cost and exposure for health plans while easing the administrative burden on physicians.

Yet, for all the promise of blockchain technology in healthcare, there are some issues that still need to be ironed out before blockchain is enterprise ready in the healthcare world. That does not mean, however, it is not ready for certain applications in the very near future. Some of the main hurdles are legal and regulatory in nature, while others go to operational issues like the establishment of reliable and consistent standards. Sometimes, answers lie in the combination of blockchain technology with other technologies to help address certain regulatory hurdles.

Currently, blockchain is not something expressly considered in statutes and common types of contracts. HIPAA and related regulations regarding Privacy and Security require that patients have access to their health records, be able to request that errors or omissions be corrected, and be informed how personal information is shared. Blockchain can offer ways these requirements may be met, while other requirements in HIPAA require more. The Privacy Rule, for example, limits the use of shared digital identifiers in de-identified information, absent certification by an expert, because of the risk of re-identification. Either legislation or new rules may need to be enacted to address these types of issues.

There may also need to be additional technologies used in connection with (or on top of) blockchain technology to address regulatory or other gaps. One of these is Dynamic Data Obscurity, which can support non-mathematically derived dynamic anonymous identifiers when combined with blockchain. Another example is an identity technology provided by Netki, which provides a Digital Identity Certificates solution. It accomplishes this by allowing for the private transmittal and non-repudiable authentication of system participants’ (e.g., doctors) validated identity information in a manner compliant with HIPAA and other applicable regulatory, business, and industry requirements.

There are also more mundane issues that exist in the normal commercial context. Most typical confidentiality provisions in agreements and non-disclosure agreements require the ability to destroy or return confidential information. The very nature of the blockchain technology is to maintain multiple records that are distributed and not capable of destruction, at least in the classic sense.

The use of blockchain technology, then, will need to be addressed and confidentiality provisions reviewed to ensure compliance. In the HIPAA context, it is notable that while HIPAA requires, in certain contexts, the return or destruction of protected health information, it makes an exception where such return or destruction is not feasible. It may be that application of blockchain use cases would be permitted, insofar as the blockchain would make return or destruction infeasible.

Lobbying efforts will most likely be required at least at the ONC and the Congressional Blockchain Caucus (created by Rep. Jared Polis (D-CO) and Rep. Mick Mulvaney (R-SC)). Appropriate legislation could also be tied to current congressional reviews of the use of data by entities not currently covered by HIPAA, such as wearable device manufacturers. There will also need to be regulatory progress at the state levels to help make sense of the myriad of state privacy laws.

Finally, as with many technologies, there is a race to create standards. Standards Australia, for example, was tasked by the International Organization of Standardization to spearhead a technical committee developing standards for blockchain tech to “support interoperability and data interchange among users, applications and systems.”

Likewise, the National Institute of Standards and Technology (NIST) is currently developing standards for interoperability among the separate blockchain systems. While true interoperability of EHR systems is a generation or two away, utilizing short-term interoperability solutions (such as FHIR), a future iteration of blockchain could provide what many have sought for decades: a truly secure, available, confidential, immutable open EHR controlled by the individual.

Blockchain is a foundational moment, similar in promise to the early internet of the 1990s. The opportunity is immense for healthcare enterprises that embrace the innovative promise and dedicate resources to experimentation and iterative fast failures. As blockchain platforms mature over the next few years, it is those enterprises that have gotten their hands dirty that will be rewarded, not only with improved operational and transactional efficiencies, but also with new business models enabled by this distributed technology platform.

About The Authors
John Bass is founder and chief executive officer of Hashed Health, a blockchain/distributed ledger consortium and service provider for healthcare companies and thought-leaders. He may be reached at jbass@hashedhealth.com or (615) 933-9219.

Corey Todaro is COO of Hashed Health, a blockchain/distributed ledger consortium and service provider for healthcare companies and thought-leaders. He can be reached at ctodaro@hashedhealth.com or (615) 933-9219.

Jason I. Epstein and Roy Wyman are partners in Nelson Mullins’ Nashville office. Epstein co-leads the Technology and Procurement Industry group, and may be reached at jason.epstein@nelsonmullins.com or (615) 664-5364. Wyman is a member of the firm’s Healthcare Regulatory and Transactional Team. He may be reached at roy.wyman@nelsonmullins.com or (615) 664-5362.